On Oct 31, 2009, at 3:33 PM, Vadim Zhukov wrote:
> Bad idea. pf is not iptables. Read FAQ for examples, and start from
> scratch using tricks from those examples, not from iptables.

My biggest problem seems to have been total ignorance of the depth of
the optimizer. I didn't see much in the way of tricks in the examples.
I'll revisit them from a new direction.

>> Why does pfctl say there's a TCP_IN/TCP_IN?
>
> Because you defined it, no? :)

No. Not that I know of, anyway. I defined TCP_IN and TCP_IN/SMTP, but
not TCP_IN/TCP_IN. So I guess my question should be, "Where/how did I
define TCP_IN/TCP_IN?"

> No, you need it just to evaluate subanchors of your anchor.

So it'd need to be there for all but the lowest level?

--
Glenn English
g...@slsware.com